
Regex for rsyslog exclude pattern


I need an rsyslog regex to forward all messages containing the word "FIREWALL" to a remote server. The original log format is:

Jul 24 16:33:09 FW02 kernel: [3456825.472985] FIREWALL_DENY_IN:IN=eth2 OUT=MAC=ff:ff:ff:ff:ff:00:1b:78:e4:b3:24:08:00 SRC=10.101.103.193 DST=10.101.103.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=51512 DPT=694 LEN=217

The required log format does not include the kernel time:

Jul 24 16:33:09 FW02 kernel: FIREWALL_DENY_IN:IN=eth2 OUT=MAC=ff:ff:ff:ff:00:1b:78:e4:b3:24:08:00 SRC=10.101.103.193 DST=10.101.103.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=51512 DPT=694 LEN=217

My experience with regular expressions is basic. I was able to match the part I need to exclude:

[*[0-9]*\.[0-9]*\]


But that's all. The regex must be validated in

Disclaimer: I don't know how rsyslog works, but the following regex may help:

^([^[]*).*\](.*)$

Submatch 1:

"Jul 24 16:33:09 FW02 kernel: "

Submatch 2:

"FIREWALL_DENY_IN:IN=eth2 OUT=MAC=ff:ff:ff:00:1b:78:e4:b3:24:08:00 SRC=10.101.103.193 DST=10.101.103.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=51512 DPT=694 LEN=217"
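
An added example, not part of the question or the answer above: a shell check that tries the exclusion on constructed lines modeled on the question's sample before a pattern goes into rsyslog, covering space-padded stamps, lines with no stamp, and non-firewall lines. It uses `sed -E` as a POSIX ERE matcher; the helper name `strip_ktime` and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example (constructed); strip_ktime is a hypothetical helper name.
# POSIX ERE for the kernel uptime stamp directly after the "kernel:" tag.
# Anchoring on the tag keeps bracketed numbers later in the message intact;
# " *" allows the space padding the kernel uses for small uptimes.
KTIME_ERE='(kernel: ?)\[ *[0-9]+\.[0-9]+\] ?'

# Read log lines on stdin; print only lines containing FIREWALL, with the
# uptime stamp removed. FIREWALL lines without a stamp pass through unchanged.
strip_ktime() {
    sed -n -E "/FIREWALL/{s/${KTIME_ERE}/\1/;p;}"
}

# Constructed sample lines modeled on the log format in the question.
SAMPLE='Jul 24 16:33:09 FW02 kernel: [3456825.472985] FIREWALL_DENY_IN:IN=eth2 SRC=10.101.103.193 DST=10.101.103.255 PROTO=UDP SPT=51512 DPT=694
Jul 24 16:33:10 FW02 kernel: [    5.123456] FIREWALL_DENY_IN:IN=eth2 PROTO=UDP
Jul 24 16:33:11 FW02 kernel: FIREWALL_DENY_IN:IN=eth2 note=[1.5]
Jul 24 16:33:12 FW02 kernel: [3456828.000001] eth2: link up'

printf '%s\n' "$SAMPLE" | strip_ktime
```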